Re: OT: Suspicious File found by chkrootkit
On Sunday 09 April 2006 04:54, Rick Friedman wrote:
> I run chkrootkit daily. Today it has found a file it calls, "suspicious".
> The file is a zero byte, hidden file. The path is
> /usr/lib/xulrunner/.autoreg
>
> After seeing this warning, I also ran rkhunter (rootkit hunter). The
> report from rkhunter comes up clean. It does not flag the .autoreg file
> (or any file for that matter).
>
> I am running sid and I believe that the .autoreg file may come from the
> libxul0d package.
>
> Is this a legitimate file or something I should be concerned about? I
> tend to think chkrootkit flagged it simply because it's hidden and zero
> bytes. I don't think it's really a threat but I want to make certain.
>
> Any help is appreciated. Thanks.
>
> Rick
I am running a 5-day old sid installation and have this .autoreg file, as
well. I couldn't find any other information online regarding this file,
but seeing as how the file's mtime is a few seconds after the other file's
mtimes, this file was probably generated when some package was configured,
most likely libxul0d.
Adam
--
"Pulling together is the aim of despotism and tyranny.
Free men pull in all kinds of directions."
Terry Pratchett, The Truth
Reply to: